147 matches found
Thruk Path Traversal Vulnerability
Thruk is an open source multi-backend monitoring web interface from the individual developer Sven Nierlein in Germany. A path traversal vulnerability exists in versions prior to Thruk 3.12, which stems from a vulnerability that allows an attacker to arbitrarily upload files to any path on the...
The vulnerability of the validate_path_is_safe() function in the machine learning lifecycle management platform allows a attacker to disclose sensitive information or execute arbitrary files.
The vulnerability of the validatepathissafe function in the machine learning model lifecycle management platform exists due to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...
VulnCheck KEV: CVE-2023-35078
Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names,...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. PoC 1 Make sure you have a public/ directory with files in it. 2 Make sure you have a public-isprivate directory with files in it. 3...
Vite 安全漏洞
Vite is a new front-end building tool from Vite open source. A security vulnerability exists in Vite versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9. An attacker exploits the vulnerability to read files from the application's Vite root path...
CVE-2023-2196 Missing permission checks in Code Dx Plugin
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...
Atlassian Jira 7.13.0 < 7.13.4 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...
curl: CVE-2023-27534: SFTP path ~ resolving discrepancy
A vulnerability CVE-2023-27534 existed in libcurl's Curlgetworkingpath function, which resolved as remote users' home directory in an undocumented way for the sftp protocol. This could lead to unexpected final paths for sftp access, allowing an attacker with partial path access to gain access to...
The vulnerability of the monitoring, control, automation, and management tool for IBM Cloud Pak for Multicloud Management Monitoring lies in the incorrect restriction on the path to the restricted catalog. This allows attackers to escalate their privileges.
The vulnerability of the monitoring, control, automation, and management tool for IBM Cloud Pak for Multicloud Management Monitoring is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to increase their privileg...
SUSE CVE-2019-10161
It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use...
SUSE CVE-2019-10218
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...
SUSE CVE-2020-29050
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and loadfile operations on a full pathname e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...
SUSE CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...
CVE-2023-24449
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
S3 File System - Moderately critical - Access bypass - SA-CONTRIB-2022-057
This module enables you to utilize S3-compatible storage as a Drupal filesystem. The module doesn't sufficiently prevent file access across multiple filesystem schemes stored in the same bucket. This vulnerability is mitigated by the fact that an attacker must obtain a method to access arbitrary...
The vulnerability of the /ptippage.cgi component of the ISnex HC-IP9100HD and ISnex HC-IP9050HD network camera microprogramming system allows a intruder to gain full access to the device.
The vulnerability of the /ptippage.cgi component of the ISnex HC-IP9100HD and ISnex HC-IP9050HD network camera microprogramming system is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain ful...
PT-2022-10717 · Aveva · Aveva Software Platform Common Services (Pcs) Portal
Name of the Vulnerable Software and Affected Versions: AVEVA Software Platform Common Services PCS Portal versions 4.4.6, 4.5.0, 4.5.1, 4.5.2 Description: The issue is related to DLL hijacking through an uncontrolled search path element. This may allow an attacker to control one or more locations...
Default credentials
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...
CVE-2022-30622 Chcnav - P5E GNSS Information disclosure
Disclosure of information - the system allows you to view usernames and passwords without permissions, thus it will be possible to enter the system. Path access: http://api/sysusernamepasswd.cmd - The server loads the request clearly by default. Disclosure of hard-coded credit information within...
CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up t...